Hardware-Assisted-AV

Additional material for the Hardware Assisted AV paper

Primary language: C++. License: MIT.

Authors

MSc. Marcus Botacin, under the supervision of Prof. Dr. Marco Zanata and Prof. Dr. André Grégio (Department of Informatics, Federal University of Paraná) and Prof. Dr. Daniela Oliveira.

Goal

Discuss the use of branch history as a signature for malware detection.

Repository Organization

  • Branch.Framework: A two-level architecture solution that generates branch history patterns and matches them against known signatures, triggering AV scans.

      • Branch.Framework/Hardware: The hardware component; a PIN-based tool responsible for branch pattern generation and signature matching.

      • Branch.Framework/Software: The software component; an ordinary AV responsible for false-positive elimination/disambiguation.

  • Signature.Generation: Approaches for signature generation from branch data.

  • Signature.Generation/Whitelist: The usual way of generating signatures.

  • Signature.Generation/Neural.Network: An approach to reduce the signature search space.

Paper

To Be Published